
Quick Start Security for GCP Cloud Storage


Out-of-the-Box Security For GCP Cloud Storage Includes:

Alerts - 5

Stay on top of key GCP Cloud Storage security events and performance metrics. Keep everyone in the know through integrations with Slack, PagerDuty and more.

No Logs from Cloud Storage In Last 36 Hours

This alert gets triggered when no logs from Cloud Storage have been received in the last 36 hours.
Impact: A gap of this length usually indicates a misconfiguration, an integration error, or an access restriction on the log pipeline rather than an idle service. While logs are missing, none of the other Cloud Storage alerts can fire, so suspicious activity can go unnoticed.
Mitigation: Reach out to the engineering team to examine the log export workflow: confirm that Cloud Audit Logs for Cloud Storage are still being generated (Data Access logs, which cover object reads and writes, are not enabled by default) and that the export is securely configured and operating as intended. Address any errors found, and restrict changes to the logging configuration to administrators.
MITRE Tactic: TA0040 MITRE Technique: T1489

A User was Added to a Bucket IAM Permissions

This alert gets triggered when a principal is added to a bucket's IAM policy or otherwise granted access to it.
Impact: A threat actor might manipulate the permissions of a storage bucket to bypass the security controls of their target. Alternatively, an administrator could unintentionally alter the permissions, potentially resulting in the exposure or loss of data. Grants to allUsers or allAuthenticatedUsers make the bucket readable by anyone on the internet or by any Google account respectively, and deserve immediate attention.
Mitigation: System administrators can adjust permissions for storage buckets. Confirm that any modification to permissions matches an expected change. If an unexpected change is identified, remove the principal's access to the bucket and review what it accessed in the meantime.
MITRE Tactic: TA0005 MITRE Technique: T1222

Suspicious Type of Files was Uploaded to a Bucket

This alert gets triggered when an unusual file type is uploaded to a bucket.
Note: add the file types legitimately used in your environment to the query's allow-list, otherwise normal uploads will trigger the alert.
Impact: Abnormal files in a bucket can indicate malicious activity such as the staging of bots, malware or trojans, credential-harvesting pages, or command-and-control (C2) payloads.
Mitigation: Examine the file types uploaded to the bucket, remove any unexpected objects, and limit write access to authorized principals only.
MITRE Tactic: TA0010 MITRE Technique: T1537

Multiple Buckets Created by a User

This alert gets triggered when multiple buckets are created in a short time by a single user.
Note: the threshold is set to more than 5 buckets created within a 20-minute timeframe.
Impact: Atypical creation of storage buckets can affect storage capacity and costs, and the new buckets can serve as a place to stage malicious data, facilitate data exfiltration, or enable unauthorized access.
Mitigation: Examine the configuration of the newly created buckets (access controls, public access prevention, location and retention settings) and the data being stored in them. Confirm that the configuration complies with corporate best practices and that the creating user was expected to do this.
MITRE Tactic: TA0010 MITRE Technique: T1020

Multiple Buckets Deleted By a User

This alert gets triggered when multiple buckets are deleted in a short period by a single user.
Note: the threshold is set to more than 5 buckets deleted within a 15-minute timeframe.
Impact: A threat actor might deliberately erase storage buckets to disrupt the business operations of their target. The impact can include data loss, interrupted operations and downtime for dependent databases and services.
Mitigation: System or network administrators can delete storage buckets. Confirm that the user email, resource name and/or hostname match entities authorized to make such changes in your environment. For buckets holding critical data, keep regular (for example daily) backups, and consider enabling Object Versioning or soft delete so that deleted objects can be recovered.
MITRE Tactic: TA0040 MITRE Technique: T1485
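The five alerts above expressed as detection logic in Python, run over a constructed set of Cloud Audit Log entries. This is an added example, not Coralogix's own alert queries or code. It assumes the standard Cloud Storage audit-log method names (storage.buckets.create, storage.buckets.delete, storage.setIamPermissions, storage.objects.create), a LogEntry shape simplified from the real one, and an allow-list of file extensions that you would tune for your environment; the sample log lines, user names and bucket names are constructed.

```python
# Added example: the five Cloud Storage alerts above as detection logic over constructed
# Cloud Audit Log entries. Not Coralogix's own queries; log shape simplified from real GCS audit logs.
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Thresholds as stated on the page: >5 creates in 20 min, >5 deletes in 15 min, 36 h of silence.
CREATE_THRESHOLD, CREATE_WINDOW = 5, timedelta(minutes=20)
DELETE_THRESHOLD, DELETE_WINDOW = 5, timedelta(minutes=15)
SILENCE_WINDOW = timedelta(hours=36)
ALLOWED_EXTENSIONS = {"csv", "json", "parquet", "log", "txt", "gz"}  # assumption: tune per environment

def parse_entries(lines):
    """Parse newline-delimited JSON LogEntry records into flat events, oldest first."""
    events = []
    for line in filter(str.strip, lines):
        entry = json.loads(line)
        pp = entry["protoPayload"]
        events.append({"ts": datetime.fromisoformat(entry["timestamp"].replace("Z", "+00:00")),
                       "who": pp["authenticationInfo"]["principalEmail"],
                       "method": pp["methodName"], "resource": pp["resourceName"], "raw": pp})
    return sorted(events, key=lambda ev: ev["ts"])

def log_silence(events, now, window=SILENCE_WINDOW):
    """Alert 1: True when no Cloud Storage log has arrived within `window` of `now`."""
    return not events or now - events[-1]["ts"] > window

def iam_additions(events):
    """Alert 2: members added to a bucket IAM policy (ADD binding deltas of storage.setIamPermissions)."""
    found = []
    for ev in events:
        if ev["method"] == "storage.setIamPermissions":
            deltas = ev["raw"].get("serviceData", {}).get("policyDelta", {}).get("bindingDeltas", [])
            found += [(ev["resource"], d["member"], d["role"], ev["who"]) for d in deltas if d.get("action") == "ADD"]
    return found

def suspicious_uploads(events, allowed=ALLOWED_EXTENSIONS):
    """Alert 3: object creations whose extension is outside the allow-list (no extension counts as suspicious)."""
    found = []
    for ev in events:
        if ev["method"] == "storage.objects.create":
            name = ev["resource"].rsplit("/objects/", 1)[-1]
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if ext not in allowed:
                found.append((ev["who"], ev["resource"]))
    return found

def burst_by_user(events, method, threshold, window):
    """Alerts 4 and 5: users who performed `method` more than `threshold` times inside any sliding `window`."""
    times = defaultdict(list)
    for ev in events:
        if ev["method"] == method:
            times[ev["who"]].append(ev["ts"])  # events are already sorted oldest first
    hits = set()
    for user, ts in times.items():
        start = 0
        for end in range(len(ts)):
            while ts[end] - ts[start] > window:  # slide the window's left edge forward
                start += 1
            if end - start + 1 > threshold:
                hits.add(user)
                break
    return hits

def run_all(lines, now):
    events = parse_entries(lines)
    return {"no_logs_36h": log_silence(events, now),
            "iam_additions": iam_additions(events),
            "suspicious_uploads": suspicious_uploads(events),
            "bucket_create_burst": burst_by_user(events, "storage.buckets.create", CREATE_THRESHOLD, CREATE_WINDOW),
            "bucket_delete_burst": burst_by_user(events, "storage.buckets.delete", DELETE_THRESHOLD, DELETE_WINDOW)}

# --- Constructed sample log (not real data) ---
T0 = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)
NOW = T0 + timedelta(hours=1)

def _entry(minutes, who, method, resource, **extra):
    ts = (T0 + timedelta(minutes=minutes)).isoformat().replace("+00:00", "Z")
    pp = {"methodName": method, "resourceName": resource, "authenticationInfo": {"principalEmail": who}, **extra}
    return json.dumps({"timestamp": ts, "protoPayload": pp})

SAMPLE_LOG = [
    # six buckets created by alice within 10 minutes: more than 5 in 20 min
    *[_entry(2 * i, "alice@example.com", "storage.buckets.create", f"projects/_/buckets/tmp-{i}") for i in range(6)],
    # exactly five deletes by bob within 12 minutes: at the threshold, not above it
    *[_entry(30 + 3 * i, "bob@example.com", "storage.buckets.delete", f"projects/_/buckets/old-{i}") for i in range(5)],
    # a bucket made world-readable, then a normal upload and an executable
    _entry(40, "carol@example.com", "storage.setIamPermissions", "projects/_/buckets/finance",
           serviceData={"policyDelta": {"bindingDeltas": [
               {"action": "ADD", "role": "roles/storage.objectViewer", "member": "allUsers"}]}}),
    _entry(41, "carol@example.com", "storage.objects.create", "projects/_/buckets/finance/objects/q1.csv"),
    _entry(42, "mallory@example.com", "storage.objects.create", "projects/_/buckets/finance/objects/update.exe"),
]

if __name__ == "__main__":
    for alert, result in run_all(SAMPLE_LOG, NOW).items():
        print(f"{alert}: {result}")
```

Two points worth noting when adapting this. Object-level events (storage.objects.create) only appear in Cloud Audit Logs when Data Access logging for Cloud Storage is enabled; bucket creation, deletion and IAM changes are Admin Activity logs and are always written. The burst detectors use a sliding window, so exactly five events inside the window do not fire, which matches the "more than 5" thresholds stated above; bob's five deletions in the sample stay silent while alice's six creations alert.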

Documentation

Learn more about Coralogix's out-of-the-box integration with GCP Cloud Storage in our documentation.
